Proxy support in On-Premises installations

Deprecated

Summary

In release #760 and newer of the Sysdig platform back-end, an option is available to configure outgoing HTTP/HTTPS connections to be made via proxy. This has been tested and supports outgoing web connections that are necessary to support the following features:

Notification Channels

PagerDuty

Slack

Amazon SNS

VictorOps

OpsGenie

WebHook

Gathering of AWS CloudWatch data

Capture storage to an AWS S3 bucket

Proxied web connectivity to support authentication mechanisms (SAML. OpenID Connect, OAuth) are not supported at this time.

Configuration

The proxy settings are configured via the JVM options passed to the Sysdig software components. If you already have JVM options configured, append these to your existing settings.

In a Replicated on-premises install, the JVM settings are in the admin console under the Settings tab. At the bottom of the screen, check the box to Show Advanced Settings to reveal the configuration option:

Exclusions

By default, HTTP/HTTPS requests to localhost or 127.0.0.1 will not be directed by the back-end toward any configured proxy, which is necessary for the functioning of some web components internal to the Sysdig platform containers.

Additionally, if you deploy your Sysdig platform in Amazon Web Services (AWS), the back-end will occasionally make HTTP requests to a special instance metadata address 169.254.169.254. If you configure a proxyHost as described in this article, these requests would also be directed via the proxy, which would be undesirable. In a future release of the Sysdig platform back-end, this IP address will be excluded from proxying by default. In the interim, you can work around the issue by appending another JVM option:

-Dhttp.nonProxyHosts=169.254.169.254

If you have additional proxy exclusions you wish to specify that are unique to your environment, these can also be added using the pipe separator. For example, assume your deployment was in AWS and you also had a webhook target 192.168.1.2 that was not reachable via your proxy. To exclude both, in a Replicated configuration, your complete string to enter into the console for Sysdig Cloud application JVM options would be: